
Replicating the chassis (including the scratches, etc.) and other laptop parts is the hardest part of your attack. I assume you don't know about the nail-polish with glitter based protection?

Even "copying the login screen" is not necessarily easy.



You know the scratches on the chassis of your laptop? I definitely don't. If someone replaces my laptop with a brand new one, I'll notice something is off, but I wouldn't be surprised if I noticed /after/ typing my password. If rather than brand new, it's replaced with another laptop of approximately the same age/usage, I would most definitely not notice.

> I assume you don't know about the nail-polish with glitter based protection?

Nope, can you explain?

But okay, you may extend my attack by saying that you exchange the motherboard between the victim and the attacker laptop, so that you don't need to replicate the chassis.

> Even "copying the login screen" is not necessarily easy.

Personally my login screen is Ubuntu's default FDE screen untouched, so there is literally no work involved to attack me there. I have absolutely no idea how to customize the FDE screen. But even if I did, I'd expect that it would be pretty easy to plug in an HDMI capture to have a close-enough duplicate of the screen.


> But okay, you may extend my attack by saying that you exchange the motherboard between the victim and the attacker laptop, so that you don't need to replicate the chassis.

Modern computers have tamper detection, and if you open them you'll need to type the BIOS password.

However, replacing the motherboard is going to replace the TPM. This is easily detectable with something like tpm2_totp in the bootchain.

https://github.com/tpm2-software/tpm2-totp


Now we're talking proper security, thanks.

> Modern computers have tamper detection, and if you open them you'll need to type the BIOS password.

Is that somehow configurable from the Linux distribution's setup, or will it require the user to manually set a BIOS password? (And it requires the user to set a different BIOS password. If the user sets the same password for FDE and for BIOS, then we're back to square one.)

> However, replacing the motherboard is going to replace the TPM. This is easily detectable with something like tpm2_totp in the bootchain.

That sounds interesting. Though it still sounds totally impossible for the vast majority of users.

At that point, I don't really know what the goal of TFA is. If it's for extreme power users who want the best security, it is missing the various counter-measures mentioned in this thread. If it's about pushing distributions to have better defaults, then I think it's quite moot, because secure boot won't improve security much for average users.


> Is that somehow configurable from the Linux distribution's setup, or will it require the user to manually set a BIOS password? (And it requires the user to set a different BIOS password. If the user sets the same password for FDE and for BIOS, then we're back to square one.)

Not yet? And when I said "modern computers" I should probably clarify I'm thinking about more enterprise-grade computers, such as ThinkPads.

ThinkPads also recently got the feature to set the password from Linux userspace. But I forget where I read that, and where the patch is located :)

> That sounds interesting. Though it still sounds totally impossible for the vast majority of users.

It is. But this is why threat modelling is important. If a realistic threat scenario is someone replacing your motherboard, then tpm2_totp should be something you set up.

Listing all possible attack scenarios and assuming any generic distribution protects fully against them is a pipe dream. There needs to be some compromise between usability and security.
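The comments above (the one pointing at tpm2-totp as a way to notice a swapped motherboard/TPM, and this one saying it is what you set up if that is in your threat model) describe the mechanism only in one sentence. The following is an added illustration, not code from the thread and not tpm2-totp's own implementation or the TPM 2.0 API: a real RFC 6238 TOTP routine (the arithmetic the phone app runs), plus a deliberately simplified model of "sealing" a secret to a TPM's own seed and a set of PCR values. The seed, PCR contents and secret are constructed sample values. The point it shows is that the boot screen can only display the right code when the same chip sees the same measured boot state; a different TPM, or the same TPM with altered firmware measurements, yields no code for the user to compare against their phone.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

# ---------- RFC 6238 TOTP (the same arithmetic an authenticator app runs) ----------

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(time / step)."""
    return hotp(secret, unix_time // step, digits)


# ---------- Toy model of PCR-bound sealing (illustration only, NOT the TPM 2.0 API) ----------

def pcr_policy_digest(pcrs: dict) -> bytes:
    """Hash of the selected PCR values in index order. Any change to firmware or
    bootloader changes a PCR, so it changes this digest."""
    h = hashlib.sha256()
    for idx in sorted(pcrs):
        h.update(struct.pack(">I", idx) + pcrs[idx])
    return h.digest()


@dataclass(frozen=True)
class SealedBlob:
    ciphertext: bytes
    tag: bytes


def _wrap_key(tpm_seed: bytes, pcrs: dict) -> bytes:
    # Modelled key material: depends on the chip's own seed (never exported)
    # AND on the PCR state the blob was sealed against.
    return hashlib.sha256(tpm_seed + pcr_policy_digest(pcrs)).digest()


def seal(secret: bytes, tpm_seed: bytes, pcrs: dict) -> SealedBlob:
    assert len(secret) <= 32, "toy keystream is a single SHA-256 output"
    key = _wrap_key(tpm_seed, pcrs)
    keystream = hashlib.sha256(key + b"keystream").digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, keystream))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return SealedBlob(ciphertext, tag)


def unseal(blob: SealedBlob, tpm_seed: bytes, pcrs: dict) -> Optional[bytes]:
    """Returns the secret only if the same TPM sees the same PCR values."""
    key = _wrap_key(tpm_seed, pcrs)
    expected = hmac.new(key, blob.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob.tag):
        return None
    keystream = hashlib.sha256(key + b"keystream").digest()
    return bytes(a ^ b for a, b in zip(blob.ciphertext, keystream))


def boot_screen_code(blob: SealedBlob, tpm_seed: bytes, pcrs: dict, unix_time: int) -> Optional[str]:
    """What the early-boot stage would print next to the passphrase prompt."""
    secret = unseal(blob, tpm_seed, pcrs)
    return None if secret is None else totp(secret, unix_time)


def demo(unix_time: int = 1_700_000_000) -> dict:
    # Constructed sample values: a per-chip seed and two PCRs of the honest machine.
    secret = b"constructed-totp-seed"          # shared with the phone at setup time
    honest_tpm = b"seed-of-the-owner's-chip"
    honest_pcrs = {0: hashlib.sha256(b"firmware v1").digest(),
                   7: hashlib.sha256(b"secure-boot-state").digest()}
    blob = seal(secret, honest_tpm, honest_pcrs)
    tampered_pcrs = {**honest_pcrs, 0: hashlib.sha256(b"firmware v1 + implant").digest()}

    return {
        "phone": totp(secret, unix_time),
        "genuine_boot": boot_screen_code(blob, honest_tpm, honest_pcrs, unix_time),
        # Motherboard (and therefore TPM) swapped; the blob was copied over unchanged.
        "swapped_board": boot_screen_code(blob, b"seed-of-some-other-chip", honest_pcrs, unix_time),
        # Same board, but modified firmware: PCR 0 no longer matches the sealing policy.
        "modified_firmware": boot_screen_code(blob, honest_tpm, tampered_pcrs, unix_time),
    }


if __name__ == "__main__":
    for case, code in demo().items():
        print(f"{case:>18}: {code}")
```

Only the genuine case produces a code, and it equals what the phone shows for the same 30-second window; the two tampered cases produce nothing, which is the signal the user is meant to notice before typing the FDE passphrase. The real tool does the sealing inside the TPM with a PCR policy rather than with this hash-derived wrapping key, but the property it relies on is the one modelled here.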


>> I assume you don't know about the nail-polish with glitter based protection?

> Nope, can you explain?

You take clear, semi-liquid glue that hardens. The glue has various colored Mylar flecks (aka glitter) floating in it. Slather it onto a device (we did it for exposed ports on devices). The glue is semi-liquid so it will flow reasonably. Once the glue hardens, the orientation, distribution, coloring and such of the flecks are set. Take picture(s) of the hardened glue. (Just search for glitter glue.)

Reproducing the complexity of the glue plus glitter is very hard. Possible attacks are attempting to remove it and inserting it back in. The right glitter glue is quite brittle, so it is hard to remove. Heating it will make it hazy before pliable, and cooling it makes it even more brittle. Breaks show up as white surface inclusions in the glue.




